CISA, DOE Warn of Attacks on Uninterruptible Power Supply (UPS) DevicesCISA, DOE Warn of Attacks on Uninterruptible Power Supply (UPS) Devices
Take UPS management interfaces off the Internet "immediately," agencies say.
March 30, 2022
Threat actors are hacking Internet-connected uninterruptible power supply (UPS) devices, typically via default username and password combinations, the Cybersecurity and Infrastructure Security Agency (CISA) and Department of Energy (DoE) warned this week in a joint alert.
The federal agencies recommend immediately removing UPS devices from the public Internet and ensuring that their management interface is behind a VPN or other security controls if it's accessible via the Internet.
Change any factory-default passwords and employ multifactor authentication and strong passwords, CISA and DOE recommended in their alert.
About the Author(s)
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Gone Phishing: How to Defend Against Persistent Phishing Attempts Targeting Your Organization
The Evolving Ransomware Threat: What Business Leaders Should Know About Data Leakage
The Rise of Extended Detection & Response